CLayer Packet classification with explicit coordination Mosharaf Chowdhury

CLayer
Packet classification with explicit coordination
Mosharaf Chowdhury, with Sameer Agarwal, Dilip Joseph, and Ion Stoica
UC Berkeley

Motivation
Packet classification is everywhere
  Link (2.5): Switching, MPLS
  Network: Forwarding
  Transport: Filtering, IntServ, DiffServ
  Application: Load balancing, Intrusion detection
January 22, 2010 Google GRAD CS Forum @ Mountainview

Problems
Existing approaches are point solutions for specific layer/service
Packet classification is expensive
  » Computation and memory requirements
  » Power hungry
Configuration complexity
  » Lack of coordination between entities involved
Semantic gap

Solution
CLayer is a cross-layer classification primitive
  » Generic mechanism to configure and implement capability-driven classification offloading
  » Explicit coordination between classifiers and helpers
“Classify once, verify thereafter”
Label-based per-flow classification
  » Labels are verifiable, confidential, and non-transferable

Outline
CLayer classification model
Fate-carrying labels (FCLs)
Implementation
Results

Classification model

Control plane
[Figure: End host A, QoS enabled router, Load balancer, Web server 1, Web server 2. Steps 1, 2a, 2b, 3. Messages shown: Capability (TCPFlow, WebSess); ClassReq; ClassRsp. Labels shown: "QoS: q1" and "QoS: q1, WebSess: 1".]

Data plane
[Figure: End host A, QoS enabled router, Load balancer, Web server 1, Web server 2. Steps 4a, 4b. Packets shown carrying "QoS: q1, WebSess: 1" followed by Payload.]

Fate-carrying labels

FCL basics
A label in CLayer is an opaque bag of bits
  » Issued by a classifier for a particular flow
  » Meaningful only to the issuer
  » ‹label → action› lookup
A fate-carrying label carries the action itself
  » No ‹label → action› lookup
  » No states in classifiers

Requirements
Authenticity and Integrity
  » Verifiable and non-transferable
  » Unforgeable and single-use only
Confidentiality
  » Impossible to infer
Performance
  » Not better off without CLayer
Mechanisms shown alongside: HMAC, Checksum, Obfuscation, Periodic Invalidation, Line-speed hashing, Low overhead

Placement
[Figure: layers shown: Application Layer, Transport Layer, CLayer, Network Layer.
 CLayer Header fields: N, RESIG, HANDLE, MSG, INFO 0 … INFO (N – 1); widths shown: 4 bits, 8 bits, 32 bits.
 FCL fields: ID, TYPE, LEN, CHECKSUM, ACTION, HMAC (5-tuple, ACTION, SECRET); widths shown: 4 bits, 32 bits, 16 bits.]
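The FCL above carries ACTION together with HMAC (5-tuple, ACTION, SECRET), which is what lets a classifier verify a label without keeping per-flow state. The following is an added example, not code from the slides or from the CLayer implementation; the HMAC-SHA256 tag truncated to 8 bytes, the 5-tuple encoding, the function names and the sample flows are assumptions of this example, and single-use enforcement is not modelled.

```python
import hashlib
import hmac
import socket
import struct

TAG_LEN = 8  # assumed truncated-HMAC length; the slides do not give a size


def flow_bytes(src, sport, dst, dport, proto):
    """Fixed-length encoding of an IPv4 5-tuple (encoding chosen for this example)."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!HHB", sport, dport, proto))


def _tag(secret, flow, action):
    mac = hmac.new(secret, flow_bytes(*flow) + action, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def issue_fcl(secret, flow, action):
    """Control plane: classify once, hand back ACTION || HMAC(5-tuple, ACTION, SECRET)."""
    return action + _tag(secret, flow, action)


def verify_fcl(secrets, flow, fcl):
    """Data plane: verify with the secret(s) only, no label -> action table.
    Returns the action to apply, or None when the label does not verify."""
    if len(fcl) <= TAG_LEN:
        return None
    action, tag = fcl[:-TAG_LEN], fcl[-TAG_LEN:]
    for secret in secrets:  # current secret first, optionally the previous one
        if hmac.compare_digest(tag, _tag(secret, flow, action)):
            return action
    return None


if __name__ == "__main__":
    # Constructed sample flows and secrets, for illustration only.
    flow_a = ("10.0.0.5", 40000, "10.0.0.80", 80, 6)
    flow_b = ("10.0.0.9", 40000, "10.0.0.80", 80, 6)
    old, new = b"secret-epoch-1", b"secret-epoch-2"
    label = issue_fcl(old, flow_a, b"q1")
    print(verify_fcl([old], flow_a, label))               # label verifies on its own flow
    print(verify_fcl([old], flow_b, label))               # non-transferable: other flow
    print(verify_fcl([old], flow_a, b"q2" + label[2:]))   # action tampered
    print(verify_fcl([new], flow_a, label))               # invalidated by secret rotation
```

Rotating the secret is how this example models periodic invalidation: every outstanding label stops verifying unless the previous secret is still accepted for a grace period.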

Implementation

Implementation stats
C++ implementation using user-level Click software router
Core components:
  » CLayer socket library and daemon (4025 lines)
  » Layer 4 firewall (308 lines)
  » Layer 4 load balancer (190 lines)
Ported applications:
  » lighttpd, httperf, wget, nuttcp, elinks (< 50 lines)

Results

Overheads
CLayer overheads at helpers:
  » State: ~10 bytes per connection
  » Processing: less than 1 μs
At classifiers:
  » No state overheads
  » Processing: varies in s/w and h/w implementations
Per-packet overheads:
  » Proportional to the number of labels
  » Potential bottleneck

Performance attractiveness threshold

Multiple classifiers (each with 7500 rules)
[Figure annotations: hash overhead; software implementation overhead]

Summary
Packet classification requires a dedicated layer
CLayer provides significant performance gain
  » 2-4 times increase in classifier throughput
  » Additional ~100% increase in throughput in trusted domains or with line-speed h/w hashing
CLayer adoption requires minimal change
  » Most suitable for controlled environments like data center and enterprise networks

Questions ???

Backup

CLayer handshaking
[Figure: message sequence between End host A, Router E and End host B, split into Control Plane and Data Plane, steps 1 to 8. Message forms shown:
 CL_SYN: Capability: [A, TCPFlow, Label]
 CL_SYN: Capability: [A, TCPFlow, Label]; ClassReq: [E, A, TCPFlow, Label: q1]
 CL_SYNACK: Capability: [B, TCPFlow, Label]
 CL_SYNACK: Capability: [B, TCPFlow, Label]; EchoReq: [E, A, TCPFlow, Label: q1]; ClassReq: [E, B, TCPFlow, Label: q2]
 CL_ACK1: EchoReq: [E, B, TCPFlow, Label: q2]; Results: [E, TCPFlow, Label: q1]
 CL_ACK2: Results: [E, TCPFlow, Label: q2]
 DATA: Results: [E, TCPFlow, Label: q1]
 DATA: Results: [E, TCPFlow, Label: q2]]